In the field of consumer telecommunications, network access providers offer network access as a subscription based service to subscribers across a variety of communication mediums and through a variety of communication protocols. Many network access providers employ edge network elements between the Internet and subscriber end stations. As subscriber end stations are involved in communications with the network, the edge network elements forward network traffic from the subscriber end station to the Internet and vice-versa.
For example, in the case of DSL service, a subscriber end station may utilize a DSL modem coupled over telephone lines to a Digital Subscriber Line Access Multiplexer (DSLAM). The DSLAM may be further coupled to an edge network element via a variety of Wide Area Network (WAN) services, such as ATM or ETHERNET protocol over T1, T3, OC3, OC12, OC48, or OC128. As often is the case, a service provider may implement security measures to ensure that a subscriber end station is authorized to make use of the network. These security measures may authenticate the identity of a subscriber end station and the corresponding subscriber, authorize the subscriber end station to use certain end station information resources, and account for the subscriber end stations' usage of network resources; collectively, these security measures are respectively referred to as Authentication, Authorization, and Accounting (AAA).
Each time a subscriber end station is not authenticated through the service provider's security measures, then the subscriber end station may attempt to authenticate again. In many cases, an edge network element must forward the authentication request along to an AAA server that provides the security measures as part of a client/server system to the edge network element.
FIG. 1 (prior art) illustrates a data flow diagram of subscriber end station session requests and AAA access-request messages along with the corresponding response messages. Along the top of FIG. 1 a subscriber end station ‘A’ 100, a network element 105, and an AAA server 110 are each illustrated with a vertical line indicating the progression of time. The transmission of various requests and responses are illustrated chronologically down as horizontal arrows between the vertical lines.
In FIG. 1, the subscriber end station ‘A’ 100 is attempting to initiate a session with the network element 105. In order to fully initiate a session the network element 105 must verify information with the AAA server 110. It is well understood that a plurality of subscriber end stations may be coupled to the network element 105 and the designation of subscriber end station ‘A’ is used to focus on an exemplary subscriber end station.
In FIG. 1, the subscriber end station ‘A’ 100 transmits a subscriber end station ‘A’ session-request message 120A to a network element 105. In response to the session-request message 120A, the network element 105 transmits an AAA access-request message 130A to an AAA server 110. Responsive to the AAA access-request message 130A, the AAA server transmits an AAA access-reject message 135A to the network element 105. The network element 105 transmits a subscriber end station ‘A’ session-reject message 125A to the subscriber end station ‘A’ 100 responsive to the AAA access-reject message 135A. In at least some cases, the subscriber end station ‘A’ 100 will attempt another subscriber ‘A’ session-request message 120B-120N to network element 105 after each session-reject messages 125A-125N. In the prior art, the network element 105 transmits an AAA access-request message 130A-130N in response to each subscriber end station ‘A’ session-request message 120A-120N. In turn, the AAA server 110 transmits an AAA access-reject message 135A-135N in response to each AAA access-request message 130A-130N, and the network element 105 transmits a subscriber end station ‘A’ session-reject message 125A-125N in response to each AAA access-reject message 135A-135N.